February 6, 2014

New interpretations of NSA monitoring the German chancellor

(UPDATED: March 30, 2014)

One of the biggest scandals among the revelations about NSA spying activities, was that NSA was monitoring a mobile phone used by the current German chancellor Angela Merkel (although not her secure government cell phone, but the unsecured one provided by her political party).

But on February 4th, the German newspaper Süddeutsche Zeitung and the regional television channel NDR came with a somewhat different interpretation of this story.

Both media presented the document which proofs the monitoring to NSA insiders, who explained that it shows that since 2002 NSA was targeting the German chancellor, and not specifically Angela Merkel, who became chancellor just by the end of 2005.

In 2002, this office was held by her predecessor Gerhard Schröder, who was chancellor from October 1998 to November 2005, leading an unprecedented coalition with the Green Party for two terms.

Citing a number of US government sources and NSA insiders, both media say that Schröder's opposition to the American invasion of Iraq - and fears of a split within NATO as a result - was the primary reason to start monitoring his communications (in those days, NSA and GCHQ also eavesdropped on UN Secretary-General Kofi Annan and members of the Security Council).

The NSA document mentioning the surveillance of the German chancellor was published in the print editions of several German newspapers:

NSA record mentioning the phone number of the German chancellor
(Source: FAZ newspaper website)

Apparently this document comes from an NSA database in which the agency records its targets. This could be a tasking database codenamed OCTAVE, which is used for starting telephony interceptions. An explanation of the various entries can be found in my earlier article How NSA targeted chancellor Merkel's mobile phone.

There, I already noticed that it's somewhat strange to see Merkel mentioned as 'GE CHANCELLOR', as she was still the opposition leader when the surveillance started in 2002. Therefore, either this particular entry or the whole record must have been updated somewhere after she became chancellor in November 2005.

That action has now been confirmed by Süddeutsche Zeitung and NDR, saying that NSA started monitoring the 'German chancellor' in 2002 - which by then was Gerhard Schröder. When he was succeeded by Angela Merkel in 2005, and she became the incumbent of the chancellor's office, her name was entered in the subscriber line of the targeting record.

The initial story by Der Spiegel from October 23, 2013, apparently ignored this discrepancy and concluded that "the NSA would have targeted Merkel's cellphone for more than a decade, first when she was just party chair, as well as later when she'd become chancellor".

In the new interpretation, NSA was not specifically looking for Angel Merkel, as the Spiegel story suggests, but rather trying to monitor the person holding the office of German chancellor.

A third interpretation was brought forward by 'hacktivist' Jacob Appelbaum, who contributes to the Snowden-stories in Der Spiegel, saying that the NSRL (National SIGINT Requirements List) code 2002-388 stands for "a set of people - under which Merkel has been monitored".

This could explain the asterisk in 2002-388* - as a placeholder for a fourth digit after 388, designating multiple sub-targets under that number. If that's the case, then probably also other high-ranking German cabinet members and government officials could have been monitored by NSA, maybe even including Angela Merkel when she was still opposition leader.

Another question is about the origin of the NSA tasking-record which appeared in German newspapers. It clearly looks like scanned or photographed from a piece of paper (showing dust or ink spots, wavy lines) and the text is in the rather unusual Ayuthaya font, which normally comes with Macintosh OS X, primarily to display Thai script. The phone number also seems to be blacked out by a marker, rather than digitally.

Could it be that Snowden printed this database record in order to smuggle it out of his NSA office and then digitalized it by making a picture of it? Another question is whether there are more such (hard copy) tasking records among the Snowden-documents, or how else could Appelbaum know that there were multiple people targeted under that particular NSRL number?

German chancellor Gerhard Schröder
using a mobile cell phone

Although there are pictures of chancellor Schröder using a mobile phone, it was said in German media that he actually hadn't one for himself, but used a cell phone from people in his entourage whenever that was necessary.

Other sources say that Schröder's communications appeared to have been hacked or intercepted in the late 1990s, after which he ordered a secure (mobile) phone system to be developed.

One of the very first highly secure mobile phones, called TopSec GSM, was made by Siemens (later Rohde & Schwarz) and became available in 2001. Another solution, the Enigma encryption system for GSM phones, was apparently developed by Deutsche Telekom and sold since 2002 by the Beaucom Group.

It's not clear whether Gerhard Schröder actually used one of these phones, but it's an interesting coincidence that they became available around the same time NSA started its monitoring of the German chancellor.

UPDATE:

On March 29, 2014, Der Spiegel provided some additional details about NSA's monitoring of chancellor Merkel based upon a presentation from NSA's Center for Content Extraction (CCE, unit designator T1221), whose tasks apparently include the automated analysis of all types of text data. The magazine published just one slide from this presentation, which shows twelve names, including Merkel's, from a list of 122 heads of state and heads of government which are or were monitored by NSA:

The document indicates that Angela Merkel has been placed in the Target Knowledge Base (TKB), a central database of individual targets. According to an internal NSA description this database can be used analyze "complete profiles" of target persons. The responsible NSA unit praises the automated machine-driven administration of collected information about high-value targets.

The searchable sources cited in the document include, among others, the signals intelligence database MARINA, which contains metadata ingested from sources around the world. The unit also gives special attention to promoting a system for automated name recognition called "Nymrod". The document states that some 300 automatically generated "cites," or citations, are provided for Angela Merkel alone.

The citations in NYMROD are derived from intelligence agencies, transcripts of intercepted fax, voice and computer-to-computer communication. According to internal NSA documents, it is used to "find information relating to targets that would otherwise be tough to track down." Each of the names contained in NYMROD is considered a SIGINT target.

The manual maintenance of the database with high-ranking targets is a slow and painstaking process, the document notes, and fewer than 200,000 targets are managed through the system. Automated capture, by contrast, simplifies the saving of the data and makes it possible to manage more than 3 million entries, including names and the citations connected to them.

The table included in the document indicates the capture and maintenance of records pertaining to chancellor Merkel already appears to have been automated. In any case, the document indicates that a manual update was not available in May 2009.

US Red Phones

Sequence of the real Red Phones, not for the Washington-Moscow Hotline, but for the US Defense Red Switch Network (DRSN). The phones shown here were in use from the early eighties up to the present day and most of them were made by Electrospace Systems Inc. They will be discussed on this weblog later.

Contact

For questions, suggestions and other remarks about this weblog in general or any related issues, please use the following e-mail address: info (at) electrospaces.net

For sending an encrypted e-mail message, you can use the PGP Public Key under this ID: B4515E04

You can also communicate through Twitter: @electrospaces or XMPP/Jabber chat by using the address electrospaces (at) jabber.de

The title picture of this weblog shows the watch floor of the NSA's National Security Operations Center (NSOC) in 2006. The URL of this weblog recalls Electrospace Systems Inc., the company which made most of the top level communications equipment for the US Government. All information on this weblog is obtained from unclassified or publicly available sources.QW5kIGZpbmFsbHksIHRoaXMgaXMgd2hhdCBhIHRleHQgbG9va3MgbGlrZSwgd2hlbiBpdCdzIG9ubHkgZW5jb2RlZCB3aXRoIHRoZSBzdGFuZGFyZCBCYXNlNjQgc3lzdGVtLiBHdWVzcyBob3cgY29tcGxpY2F0ZWQgaXQgbXVzdCBiZSB3aGVuIGEgcmVhbCBzdHJvbmcgYWxnb3JpdGhtIHdhcyB1c2VkLg==